Friday, March 30, 2012

No, Anonymous is Not Shutting Down the Internet

So, someone posted this on PasteBin the other day, outlining a hack-attack on major DNS servers that will "shut down the Internet." They claim to be the hacking group, Anonymous. They're not.

Here's an outline of their attack.

The principle is simple; a flaw that uses forged UDP packets is to be
used to trigger a rush of DNS queries all redirected and reflected to
those 13 IPs. The flaw is as follows; since the UDP protocol allows it,
we can change the source IP of the sender to our target, thus spoofing
the source of the DNS query.
The DNS server will then respond to that query by sending the answer to
the spoofed IP. Since the answer is always bigger than the query, the
DNS answers will then flood the target IP. It is called amplified
because we can use small packets to generate large traffic. It is called
reflective because we will not send the queries to the root name servers,
instead, we will use a list of known vulnerable DNS servers which will
attack the root servers for us.

Think about why there's no possible way this can work. In order to prevent HTTP requests from reaching the DNS, they'd need to flood the DNS servers with enough packets to form a constant stream of daemon-y packet messages. They'd need more bots in their botnet than there are legitimate, Internet-using computers in the world.
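The reflection and amplification described in the quoted outline show up on the resolver side as one "client" address receiving far more bytes than it sends. The following is an added example, not part of the original post or the PasteBin text: it computes the per-source amplification factor from resolver logs and flags addresses that are probably spoofed victims. The log records, field layout, function names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed resolver log records: (claimed source IP, query bytes, response bytes).
# Addresses come from documentation ranges; every value here is made up.
SAMPLE_LOG = [
    ("192.0.2.10", 40, 120),
    ("192.0.2.10", 42, 95),
    ("192.0.2.11", 38, 110),
] + [("198.51.100.7", 44, 3100)] * 200  # one "client" repeating a large-answer query


def amplification_by_source(records):
    """Sum query and response bytes per claimed source and compute their ratio.

    With spoofed UDP the claimed source is the address that receives the
    answers, so a high ratio at high volume points at a victim, not an attacker.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # [queries, bytes in, bytes out]
    for src, q_bytes, r_bytes in records:
        entry = totals[src]
        entry[0] += 1
        entry[1] += q_bytes
        entry[2] += r_bytes
    return {
        src: {"queries": n, "bytes_out": out, "factor": out / inn}
        for src, (n, inn, out) in totals.items()
    }


def likely_reflection_targets(records, min_factor=10.0, min_bytes_out=100_000):
    """Return sources whose answers are both large in ratio and large in volume.

    Both thresholds are assumed values; tune them against normal traffic.
    """
    stats = amplification_by_source(records)
    return sorted(
        src for src, s in stats.items()
        if s["factor"] >= min_factor and s["bytes_out"] >= min_bytes_out
    )


if __name__ == "__main__":
    for src, s in sorted(amplification_by_source(SAMPLE_LOG).items()):
        print(f"{src:15} queries={s['queries']:4} out={s['bytes_out']:7} "
              f"factor={s['factor']:.1f}")
    print("flagged:", likely_reflection_targets(SAMPLE_LOG))
```

Sources flagged this way are candidates for response rate limiting on the resolver, since the traffic toward them is unsolicited.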